Large number of event ID 4674

Question

I'm getting a large number of 4674 events on one of my 2 work computers (my laptop) with my non-admin account, and most of them reference the SeBackupPrivilige on files like firefox.exe. I am not in the Backup Operators group and a GPO report shows that User Rights Assignment for Backing up files is set to Backup Operators. I have verified that my account does not have full ntfs rights to system or program folders (eg, C:\Program Files (x86)\Mozilla Firefox). Running whoami /priv, I get: PRIVILEGES INFORMATION ---------------------- Privilege Name Description State ============================= ==================================== ======== SeShutdownPrivilege Shut down the system Disabled SeChangeNotifyPrivilege Bypass traverse checking Enabled SeUndockPrivilege Remove computer from docking station Disabled SeIncreaseWorkingSetPrivilege Increase a process working set Disabled SeTimeZonePrivilege Change the time zone Disabled Any idea how I might be getting the SeBackupPrivilege, or if there is some way for me to stop these events from logging just for my user id? I don't want to impact the normal logging function. As I say, this is on one of two computers. Both computers are in the same domain and get most of the same policies except for a few things set especially for laptops. My desktop computer does not have this problem. Thanks.

Answer 1

Once more with proper formatting.

I'm getting a large number of 4674 events on one of my 2 work computers (my laptop) with my non-admin account, and most of them reference the SeBackupPrivilige on files like firefox.exe. I am not in the Backup Operators group and a GPO report shows that User Rights Assignment for Backing up files is set to Backup Operators. I have verified that my account does not have full ntfs rights to system or program folders (eg, C:\Program Files (x86)\Mozilla Firefox).

Running whoami /priv, I get:
PRIVILEGES INFORMATION ----------------------
Privilege Name Description State
SeShutdownPrivilege Shut down the system Disabled
SeChangeNotifyPrivilege Bypass traverse checking Enabled
SeUndockPrivilege Remove computer from docking station Disabled
SeIncreaseWorkingSetPrivilege Increase a process working set Disabled
SeTimeZonePrivilege Change the time zone Disabled

Any idea how I might be getting the SeBackupPrivilege, or if there is some way for me to stop these events from logging just for my user id? I
don't want to impact the normal logging function. As I say, this is on one of two computers. Both computers are in the same domain and get most of the same policies except for a few things set especially for laptops. My desktop computer does not have this problem.

Thanks.

Answer 2

Hi,

Refer to the link below and see if can help you.

https://social.technet.microsoft.com/Forums/sqlserver/en-US/6abcce35-870b-4d99-ba19-75aa581c69af/unable-to-enable-sebackupprivilege-sedebugprivilege-sesecurityprivilege-windows-10-to-install-an?forum=sqlsetupandupgrade

https://support.microsoft.com/en-us/help/2000257/sql-server-installation-fail-if-setup-account-not-have-some-user-right

But since the issue is more about SQL server and for further help, I suggest you submit a new case to the SQL server as they will be more professional on your issue.

https://social.technet.microsoft.com/Forums/sqlserver/en-US/home?category=sqlserver

The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or learn from your interaction with us.
Thanks for your understanding and cooperating. Have a nice day~

Best regards,
Sylvia

Answer 3

We have not heard from you in a couple of days. Please post back at your convenience if we can assist further.